![Julius Davies [bit-booster.com] Avatar](https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/c7c16bc1eb70/img/default_workspace_avatar/workspace_code.svg){kind=small}
- changed status to resolved
Security Vulnerability Report lists only npm false positives
Issue #182
resolved
After updating to Control Freak 2020.12.10, we found the (now enabled by default) Security Vulnerability report. As much as it was exciting to see this functionality, sadly it only reported false positives for our project. It reported 2 vulnerabilities: CVE-2018-6341 & CVE-2013-7035 for npm:@types/react:16.9.2. Both reported vulnerabilities are false positives because: * They do not affect version 16.9.2 * The version in our project is not even the reported 16.9.2, but instead 16.9.46.
Comments (1)
-
repo owner
- Log in to comment
The "Security Vulnerability" feature of Control-Freak was removed and moved into a separate "Codegreen" plugin.
Also, we have significantly improved its accuracy in the last 6 months (if you would like to try out the now separate "Codegreen" plugin). It no longer reports those CVE's against npm:@types/react.